Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-12-2014 Ran by szymon at 2014-12-12 20:26:08 Run:1 Running from C:\Users\szymon\Desktop\usuwanie Loaded Profile: szymon (Available profiles: szymon) Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {21C85B50-4EAF-4C50-80FD-8716E67E78C7} - System32\Tasks\SM => C:\Users\szymon\AppData\Roaming\SM.exe <==== ATTENTION Task: {35C7888B-20BE-4410-9865-C16317768118} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program Files\Avg Secure Update\AVG-Secure-Search-Update_0814tb.exe [2014-08-27] () Task: {3CE4013D-02A3-41A2-92CE-87F0A505180B} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION Task: {5A4E37DD-1A6A-47DC-9279-ECBBC0E46171} - System32\Tasks\YTDownloaderUpd => C:\Program Files\YTDownloader\updater.exe <==== ATTENTION Task: {679F3AE8-6C70-4FEA-9A43-18802E35DECB} - System32\Tasks\CFBEDSDX => C:\Users\szymon\AppData\Roaming\CFBEDSDX.exe <==== ATTENTION Task: {68AC8398-FF3C-4785-8283-BB7066877E4D} - System32\Tasks\WGPYQE => C:\Users\szymon\AppData\Roaming\WGPYQE.exe <==== ATTENTION Task: {8DEBA46F-3037-43C6-819D-91BE02FD5170} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{856425F7-27EC-47BA-B473-F7F1D6CE8995}.exe Task: {EDEDAFDE-A07D-4B0C-81C3-EBEA7E79C2B6} - System32\Tasks\MXPUWBDF => C:\Users\szymon\AppData\Roaming\MXPUWBDF.exe <==== ATTENTION Task: {FC7FEED9-D47D-4949-B546-96C75D97F828} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files\Avg Secure Update\AVG-Secure-Search-Update_0814tb.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files\Avg Secure Update\AVG-Secure-Search-Update_0814tb.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{856425F7-27EC-47BA-B473-F7F1D6CE8995}.exe Task: C:\Windows\Tasks\CFBEDSDX.job => C:\Users\szymon\AppData\Roaming\CFBEDSDX.exe <==== ATTENTION Task: C:\Windows\Tasks\MXPUWBDF.job => C:\Users\szymon\AppData\Roaming\MXPUWBDF.exe <==== ATTENTION Task: C:\Windows\Tasks\SM.job => C:\Users\szymon\AppData\Roaming\SM.exe <==== ATTENTION Task: C:\Windows\Tasks\WGPYQE.job => C:\Users\szymon\AppData\Roaming\WGPYQE.exe <==== ATTENTION HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKU\S-1-5-21-3182861355-789584673-1566108675-1003\...\Run: [AVG-Secure-Search-Update_0814tb] => C:\Program Files\Avg Secure Update\AVG-Secure-Search-Update_0814tb.exe [2782744 2014-08-27] () HKU\S-1-5-21-3182861355-789584673-1566108675-1003\...\RunOnce: [Adobe Speed Launcher] => 1418408548 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\szymon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TorpedoCopy.lnk ShortcutTarget: TorpedoCopy.lnk -> C:\Users\szymon\AppData\Local\Torpedo\Torpedo.exe (No File) URLSearchHook: HKU\S-1-5-21-3182861355-789584673-1566108675-1003 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File URLSearchHook: HKU\S-1-5-21-3182861355-789584673-1566108675-1003 - (No Name) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - No File SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3182861355-789584673-1566108675-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-3182861355-789584673-1566108675-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-3182861355-789584673-1566108675-1003 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = BHO: No Name -> {9820340E-BAA4-4987-82D6-415ACD842175} -> No File FF Extension: No Name - C:\Users\szymon\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-18] FF Extension: No Name - C:\Users\szymon\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2013-07-18] CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms} S2 Update DiVapton; "C:\Program Files\DiVapton\updateDiVapton.exe" [X] S3 esgiguard; \\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 VMC302; System32\Drivers\VMC302.sys [X] 2014-12-12 19:14 - 2014-12-12 19:18 - 00000000 ____D () C:\AdwCleaner 2014-12-11 19:45 - 2014-12-11 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-12-11 19:45 - 2014-12-11 19:45 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-12-11 19:45 - 2014-12-11 19:45 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-12-07 23:46 - 2014-12-07 23:46 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-12-07 23:45 - 2014-12-10 23:14 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP 2014-12-07 23:45 - 2014-12-07 23:45 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-12-07 23:43 - 2014-12-07 23:43 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\szymon\Downloads\SpyHunter-installer.exe 2014-12-07 21:53 - 2014-12-12 19:20 - 00001342 _____ () C:\Windows\Tasks\WGPYQE.job 2014-12-07 21:53 - 2014-12-07 21:59 - 00000000 ____D () C:\Program Files\2e56a52c-17d4-4d58-bfcb-f011299ed8e9 2014-12-07 21:52 - 2014-12-12 19:20 - 00000294 _____ () C:\Windows\Tasks\MXPUWBDF.job 2014-12-07 21:52 - 2014-12-07 21:57 - 00000000 ____D () C:\Program Files\37d7f9d4-f496-4144-ade2-3b8aa39c35ba 2014-12-07 21:51 - 2014-12-12 19:20 - 00000282 _____ () C:\Windows\Tasks\SM.job 2014-12-07 21:51 - 2014-12-07 22:00 - 00000000 ____D () C:\Program Files\1d58dff9-b595-4815-8928-4636659cad3f 2014-12-07 21:50 - 2014-12-12 19:20 - 00000294 _____ () C:\Windows\Tasks\CFBEDSDX.job 2014-12-06 21:09 - 2014-12-06 21:19 - 00000000 ____D () C:\Users\szymon\AppData\Local\Torpedo 2014-12-06 21:09 - 2014-12-06 21:09 - 00000000 ____D () C:\Users\szymon\Downloads\Torpedo 2014-12-06 21:07 - 2014-12-06 21:07 - 05711966 _____ ( ) C:\Users\szymon\Downloads\TorpedoSetup.exe C:\Users\szymon\ftd2xx.dll C:\Users\szymon\InstDrv.bat C:\Users\szymon\OPCOMRD.DLL C:\Users\szymon\opcomusb.dll C:\Users\szymon\Rundll32.exe C:\Users\szymon\SkypeSetupFull.exe C:\Users\szymon\AppData\Roaming\settings.ini EmptyTemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21C85B50-4EAF-4C50-80FD-8716E67E78C7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21C85B50-4EAF-4C50-80FD-8716E67E78C7}" => Key deleted successfully. C:\Windows\System32\Tasks\SM => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SM" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35C7888B-20BE-4410-9865-C16317768118}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35C7888B-20BE-4410-9865-C16317768118}" => Key deleted successfully. C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0814tb_rmv" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CE4013D-02A3-41A2-92CE-87F0A505180B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CE4013D-02A3-41A2-92CE-87F0A505180B}" => Key deleted successfully. C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A4E37DD-1A6A-47DC-9279-ECBBC0E46171}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A4E37DD-1A6A-47DC-9279-ECBBC0E46171}" => Key deleted successfully. C:\Windows\System32\Tasks\YTDownloaderUpd => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{679F3AE8-6C70-4FEA-9A43-18802E35DECB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{679F3AE8-6C70-4FEA-9A43-18802E35DECB}" => Key deleted successfully. C:\Windows\System32\Tasks\CFBEDSDX => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CFBEDSDX" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68AC8398-FF3C-4785-8283-BB7066877E4D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68AC8398-FF3C-4785-8283-BB7066877E4D}" => Key deleted successfully. C:\Windows\System32\Tasks\WGPYQE => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WGPYQE" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DEBA46F-3037-43C6-819D-91BE02FD5170}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DEBA46F-3037-43C6-819D-91BE02FD5170}" => Key deleted successfully. C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EDEDAFDE-A07D-4B0C-81C3-EBEA7E79C2B6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDEDAFDE-A07D-4B0C-81C3-EBEA7E79C2B6}" => Key deleted successfully. C:\Windows\System32\Tasks\MXPUWBDF => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MXPUWBDF" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC7FEED9-D47D-4949-B546-96C75D97F828}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC7FEED9-D47D-4949-B546-96C75D97F828}" => Key deleted successfully. C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => Moved successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => Moved successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully. C:\Windows\Tasks\CFBEDSDX.job => Moved successfully. C:\Windows\Tasks\MXPUWBDF.job => Moved successfully. C:\Windows\Tasks\SM.job => Moved successfully. C:\Windows\Tasks\WGPYQE.job => Moved successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully. HKU\S-1-5-21-3182861355-789584673-1566108675-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0814tb => value deleted successfully. HKU\S-1-5-21-3182861355-789584673-1566108675-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => Moved successfully. C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe => Moved successfully. C:\Users\szymon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TorpedoCopy.lnk => Moved successfully. C:\Users\szymon\AppData\Local\Torpedo\Torpedo.exe not found. HKU\S-1-5-21-3182861355-789584673-1566108675-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value deleted successfully. HKU\S-1-5-21-3182861355-789584673-1566108675-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} => value deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-3182861355-789584673-1566108675-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKU\S-1-5-21-3182861355-789584673-1566108675-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully. "HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found. "HKU\S-1-5-21-3182861355-789584673-1566108675-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}" => Key deleted successfully. "HKCR\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9820340E-BAA4-4987-82D6-415ACD842175}" => Key deleted successfully. "HKCR\CLSID\{9820340E-BAA4-4987-82D6-415ACD842175}" => Key not found. C:\Users\szymon\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions => Moved successfully. C:\Users\szymon\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins => Moved successfully. Chrome DefaultSuggestURL not detected. Update DiVapton => Service deleted successfully. esgiguard => Service deleted successfully. hwdatacard => Service deleted successfully. VMC302 => Service deleted successfully. C:\AdwCleaner => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus => Moved successfully. C:\ProgramData\McAfee Security Scan => Moved successfully. "C:\Program Files\McAfee Security Scan" directory move: C:\Program Files\McAfee Security Scan\uninstall.exe => Moved successfully. C:\Program Files\McAfee Security Scan\3.0.285\AVScanner.ini => Moved successfully. C:\Program Files\McAfee Security Scan\3.0.285\ftconfig.ini => Moved successfully. C:\Program Files\McAfee Security Scan\3.0.285\McAfee.ico => Moved successfully. C:\Program Files\McAfee Security Scan\3.0.285\mcbrwsr2.dll => Moved successfully. C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe => Moved successfully. C:\Program Files\McAfee Security Scan\3.0.285\MCCompHostConfig.ini => Moved successfully. C:\Program Files\McAfee Security Scan\3.0.285\mcuicnt.exe => Moved successfully. C:\Program Files\McAfee Security Scan\3.0.285\McUpdater.dll => Moved successfully. C:\Program Files\McAfee Security Scan\3.0.285\SecurityScanner.dll => Moved successfully. C:\Program Files\McAfee Security Scan\3.0.285\SecurityScanner_LD.dll => Moved successfully. C:\Program Files\McAfee Security Scan\3.0.285\SSCustom_LD.dll => Moved successfully. Could not move "C:\Program Files\McAfee Security Scan" directory. => Scheduled to move on reboot. C:\Program Files\Enigma Software Group => Moved successfully. C:\Windows\455F074C814E4520B69B5584BD90400C.TMP => Moved successfully. C:\Program Files\Common Files\Wise Installation Wizard => Moved successfully. C:\Users\szymon\Downloads\SpyHunter-installer.exe => Moved successfully. "C:\Windows\Tasks\WGPYQE.job" => File/Directory not found. C:\Program Files\2e56a52c-17d4-4d58-bfcb-f011299ed8e9 => Moved successfully. "C:\Windows\Tasks\MXPUWBDF.job" => File/Directory not found. C:\Program Files\37d7f9d4-f496-4144-ade2-3b8aa39c35ba => Moved successfully. "C:\Windows\Tasks\SM.job" => File/Directory not found. C:\Program Files\1d58dff9-b595-4815-8928-4636659cad3f => Moved successfully. "C:\Windows\Tasks\CFBEDSDX.job" => File/Directory not found. C:\Users\szymon\AppData\Local\Torpedo => Moved successfully. C:\Users\szymon\Downloads\Torpedo => Moved successfully. C:\Users\szymon\Downloads\TorpedoSetup.exe => Moved successfully. C:\Users\szymon\ftd2xx.dll => Moved successfully. C:\Users\szymon\InstDrv.bat => Moved successfully. C:\Users\szymon\OPCOMRD.DLL => Moved successfully. C:\Users\szymon\opcomusb.dll => Moved successfully. C:\Users\szymon\Rundll32.exe => Moved successfully. C:\Users\szymon\SkypeSetupFull.exe => Moved successfully. C:\Users\szymon\AppData\Roaming\settings.ini => Moved successfully. EmptyTemp: => Removed 8.1 GB temporary data. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-12 20:37:39)<= C:\Program Files\McAfee Security Scan => Is moved successfully. ==== End of Fixlog ====